In computing, a Trusted Platform Module (TPM) is the name of a specification of a secure processor that can store cryptographic keys that protect information, as well as the name of a hardware component that implements the specification. A Trusted Platform Module offers facilities for the secure generation of cryptographic keys and for limiting their use, includes a hardware true random number generator, and provides capabilities such as remote attestation and sealed storage. Software can use a Trusted Platform Module to authenticate hardware devices. Since each TPM chip has a unique and secret RSA key burned in as it is produced, it is capable of performing platform authentication. For example, it can be used to verify that a system seeking access is the expected system.
The virtualization of the Trusted Platform Module is also known. For example, U.S. Pat. No. 7,707,411 discloses a method for implementing a trusted computing environment within a data processing system. A hypervisor is initialized within the data processing system, and the hypervisor supervises a plurality of logical, partitionable, runtime environments within the data processing system. The hypervisor reserves a logical partition for a hypervisor-based trusted platform module (TPM) and presents the hypervisor-based trusted platform module to other logical partitions as a virtual device via a device interface. Each time that the hypervisor creates a logical partition within the data processing system, the hypervisor also instantiates a logical TPM within the reserved partition such that the logical TPM is anchored to the hypervisor-based TPM. The hypervisor manages multiple logical TPMs within the reserved partition such that each logical TPM is uniquely associated with a logical partition.
In a virtual computing environment that uses a virtual trusted platform module, it is likely that the virtual trusted platform module executes as a thread/process of some secured part of the hypervisor (i.e. tamper-proof from the virtual machine using the virtual trusted platform module). The virtual trusted platform module is used as part of a trusted boot of the virtual machine, with components of the boot measuring the relevant parts and storing those measurements in the virtual trusted platform module (an operation called Platform Configuration Register (PCR) extend). These measurements form what is known as the chain of trust, and an external observer uses a cryptographically signed copy of the chain to assert the trust of the system. The chain of trust is therefore critical: no hole may be allowed in the chain, or a malicious component could spoof itself as trusted.
Since the virtual trusted platform module is essentially a software component, it can fail to operate as expected. For example, a known problem occurs when a virtual machine that is performing a trusted boot attempts a virtual trusted platform module operation and the virtual trusted platform module fails to respond, as there is then a question as to the action the system should take. In the prior art there are two options: first, halt the boot until the virtual trusted platform module responds, or second, time out and continue the boot. The former option is not desirable as it leads to a denial of service, and the latter option leads to a security hole. Whether the virtual trusted platform module never entered the measurement at all, returned an error, or stalled while doing so, simply allowing the boot to continue leaves a hole in the chain. If the next boot component is actually not trusted it will not have been measured, and it could fill the hole in the chain with a fake trusted measurement, which would allow an untrusted system to masquerade as trusted.
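The following simulation is an added example, not code from the patent or from any TPM implementation. It models the PCR extend operation from the previous paragraph as a SHA-256 hash chain, a toy virtual TPM that can stall on one extend call, and the two prior-art policies described above. All component images, stage names and the single-PCR layout are constructed for illustration; the check a verifier performs is reduced to comparing the reported PCR against a golden value computed from the trusted images. The scenario shows why the "time out and continue" policy is a security hole: once a stage runs unmeasured, the PCR no longer binds it, and a verifier comparing PCR values cannot distinguish that boot from a fully measured one.

```python
import hashlib

PCR_SIZE = 32


def digest(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    # PCR extend as used in measured boot: new = H(old || measurement).
    # The chain is order-dependent and one-way, so the golden value can only be
    # reproduced by replaying the same measurements in the same order.
    return hashlib.sha256(pcr + measurement).digest()


class VirtualTPM:
    """Toy vTPM with one PCR. `stall_on` is the index of the extend call that gets
    no reply, modelling the unresponsive vTPM in the text (None = always responds)."""

    def __init__(self, stall_on=None):
        self.pcr = bytes(PCR_SIZE)
        self.stall_on = stall_on
        self.calls = 0

    def extend(self, measurement: bytes):
        self.calls += 1
        if self.stall_on is not None and self.calls - 1 == self.stall_on:
            return None  # no response: the caller must decide to halt or continue
        self.pcr = pcr_extend(self.pcr, measurement)
        return self.pcr


def golden_pcr(trusted_images):
    """PCR value a verifier expects after every trusted stage was measured in order."""
    pcr = bytes(PCR_SIZE)
    for image in trusted_images:
        pcr = pcr_extend(pcr, digest(image))
    return pcr


def trusted_boot(vtpm, loaded_stages, trusted_stages, on_timeout):
    """Measure each stage before it runs. `loaded_stages` is what actually loads and
    `trusted_stages` what the verifier expects; they differ only when a rogue stage
    is present. Returns (booted, names_of_stages_that_ran_unmeasured)."""
    unmeasured = []
    for i, (name, image) in enumerate(loaded_stages):
        if vtpm.extend(digest(image)) is None:
            if on_timeout == "halt":
                return False, unmeasured  # denial of service, but the chain has no hole
            unmeasured.append(name)       # stage runs without having been measured
            expected_image = trusted_stages[i][1]
            if image != expected_image:
                # The unmeasured stage now has control and nothing constrains it, so it
                # can fill the hole with the measurement the verifier expects to see
                # for the genuine stage (the masquerade described in the text).
                vtpm.extend(digest(expected_image))
    return True, unmeasured


def verifier_accepts(vtpm, trusted_stages):
    """Attestation check reduced to its core: does the reported PCR equal the golden value?"""
    return vtpm.pcr == golden_pcr([image for _, image in trusted_stages])


# Constructed sample boot chain (stage names and images are illustrative only).
TRUSTED = [("firmware", b"fw-v1"), ("bootloader", b"bl-v1"), ("kernel", b"kernel-v1")]
ROGUE = [("firmware", b"fw-v1"), ("bootloader", b"bl-ROGUE"), ("kernel", b"kernel-v1")]


def scenario(on_timeout, loaded=ROGUE, stall_on=1):
    """Boot with the vTPM stalling on the given extend call (default: the bootloader
    measurement). Returns (booted, unmeasured_stage_names, verifier_accepted)."""
    vtpm = VirtualTPM(stall_on=stall_on)
    booted, unmeasured = trusted_boot(vtpm, loaded, TRUSTED, on_timeout)
    return booted, unmeasured, verifier_accepts(vtpm, TRUSTED)


if __name__ == "__main__":
    print("responsive vTPM, rogue bootloader:", scenario("continue", stall_on=None))
    for policy in ("halt", "continue"):
        print(f"vTPM stalls, policy={policy}:", scenario(policy))
```

With a responsive vTPM the rogue bootloader is measured and the verifier rejects the PCR, which is the chain of trust working as intended. With the vTPM stalled, the "halt" policy never finishes booting (the denial of service the text mentions) but leaves nothing unmeasured, while the "continue" policy boots, lets the rogue bootloader run unmeasured, and ends with a PCR identical to the golden value, so the verifier accepts it. The final PCR carries no trace that one measurement was skipped; only the boot component that observed the missing reply knows a hole exists, which is why the text treats the time-out-and-continue option as a security hole rather than a degraded mode.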